There is a difference between restart and stop/start. Try a stop/start.

On 4/4/2017 8:33 AM, Rajesh M wrote:

Yes, I restarted qmail.


----- Original Message -----
From: Eric Broch []
Sent: Tue, 4 Apr 2017 06:14:59 -0600


Did you (restart)

# qmailctl restart



# qmailctl stop

# qmailctl start



On 4/4/2017 12:13 AM, Rajesh M wrote:

Here are the details:

[root@ns1 control]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

[root@ns1 control]# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -debug -msg -connect
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 75 (0x4B))
0000 - 32 32 30 20 6d 74 61 31-31 2e 65 6d 61 73 2e 64   220 mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 45 53 ES
0020 - 4d 54 50 20 53 6d 74 70-64 3b 20 54 75 65 2c 20   MTP Smtpd; Tue,
0030 - 34 20 41 70 72 20 32 30-31 37 20 30 38 3a 31 32   4 Apr 2017 08:12
0040 - 3a 33 30 20 2b 30 32 30-30 0d 0a                  :30 +0200..
write to 0x1777e10 [0x17baaf0] (25 bytes => 25 (0x19))
0000 - 45 48 4c 4f 20 6f 70 65-6e 73 73 6c 2e 63 6c 69   EHLO openssl.cli
0010 - 65 6e 74 2e 6e 65 74 0d-0a              
read from 0x1777e10 [0x17b9ae0] (4096 bytes => 230 (0xE6))
0000 - 32 35 30 2d 6d 74 61 31-31 2e 65 6d 61 73 2e 64   250-mta11.emas.d
0010 - 62 73 63 68 65 6e 6b 65-72 2e 63 6f 6d 20 48 65 He
0020 - 6c 6c 6f 20 6e 73 31 2e-61 61 61 6f 6e 6c 69 6e   llo ns1.aaaonlin
0030 - 75 78 2e 63 6f 6d 20 5b-31 30 33 2e 32 34 31 2e [103.241.
0040 - 31 38 31 2e 31 33 37 5d-2c 20 70 6c 65 61 73 65   181.137], please
0050 - 64 20 74 6f 20 6d 65 65-74 20 79 6f 75 0d 0a 32   d to meet you..2
0060 - 35 30 2d 45 4e 48 41 4e-43 45 44 53 54 41 54 55   50-ENHANCEDSTATU
0070 - 53 43 4f 44 45 53 0d 0a-32 35 30 2d 50 49 50 45   SCODES..250-PIPE
0080 - 4c 49 4e 49 4e 47 0d 0a-32 35 30 2d 38 42 49 54   LINING..250-8BIT
0090 - 4d 49 4d 45 0d 0a 32 35-30 2d 53 49 5a 45 20 32   MIME..250-SIZE 2
00a0 - 36 32 31 34 34 30 30 0d-0a 32 35 30 2d 41 55 54   6214400..250-AUT
00b0 - 48 20 4c 4f 47 49 4e 20-50 4c 41 49 4e 0d 0a 32   H LOGIN PLAIN..2
00c0 - 35 30 2d 53 54 41 52 54-54 4c 53 0d 0a 32 35 30   50-STARTTLS..250
00d0 - 2d 44 45 4c 49 56 45 52-42 59 0d 0a 32 35 30 20   -DELIVERBY..250
00e0 - 48 45 4c 50 0d 0a                                 HELP..
write to 0x1777e10 [0x7ffd0b0c4880] (10 bytes => 10 (0xA))
0000 - 53 54 41 52 54 54 4c 53-0d 0a                     STARTTLS..
read from 0x1777e10 [0x16aad00] (8192 bytes => 30 (0x1E))
0000 - 32 32 30 20 32 2e 30 2e-30 20 52 65 61 64 79 20   220 2.0.0 Ready
0010 - 74 6f 20 73 74 61 72 74-20 54 4c 53 0d 0a         to start TLS..
write to 0x1777e10 [0x17b9ae0] (99 bytes => 99 (0x63))
0000 - 16 03 01 00 5e 01 00 00-5a 03 03 58 e3 38 52 5c   ....^...Z..X.8R\
0010 - d3 37 8b 23 86 92 e6 63-2f e7 dd f9 ed 42 df 2b   .7.#...c/....B.+
0020 - 45 51 06 1e f2 f3 38 b1-36 c7 d4 00 00 04 00 35   EQ....8.6......5
0030 - 00 ff 01 00 00 2d 00 23-00 00 00 0d 00 20 00 1e   .....-.#..... ..
0040 - 06 01 06 02 06 03 05 01-05 02 05 03 04 01 04 02   ................
0050 - 04 03 03 01 03 02 03 03-02 01 02 02 02 03 00 0f   ................
0060 - 00 01 01                                          ...
TLS 1.2 Handshake [length 005e], ClientHello
      01 00 00 5a 03 03 58 e3 38 52 5c d3 37 8b 23 86
      92 e6 63 2f e7 dd f9 ed 42 df 2b 45 51 06 1e f2
      f3 38 b1 36 c7 d4 00 00 04 00 35 00 ff 01 00 00
      2d 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06
      03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03
      02 03 03 02 01 02 02 02 03 00 0f 00 01 01

Thank you,

----- Original Message -----
From: Eric Broch []
Sent: Tue, 4 Apr 2017 00:09:04 -0600

Also run command with -debug and -msg options in red below.

# openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher "AES256-SHA" -debug -msg -connect

On 4/4/2017 12:03 AM, Eric Broch wrote:

Please disregard my last question (Does it connect and get full cert
details if you use IP address?).

"here too, the issue is server side. My mail server is not able to
connect to the mail server of and send the emails of my clients"

Your server is acting as a client in this case by initiating a TLS
connection to the domains in deliver mail, correct? Do
you have settings in one of your control files to initiate TLS
connections with certain domains?

"openssl s_client -starttls smtp -no_ssl3 -no_ssl2 -cipher
"AES256-SHA" -connect"

This command works from my COS6 and COS7 hosts. So I don't think it's
on their end.

Which openssl version are you running?


White Horse Technical Consulting (WHTC)
